Labor slams Govt over personal data breach notifications


The Labor opposition has strongly criticised the federal government over its failure to pass legislation on personal data breach notifications, saying Australians currently have no recourse if their data is hacked.

At present, if Australians have their personal information compromised through error or hacking online, companies are under no obligation to inform the victims that it has occurred, Labor Shadow Attorney-General Mark Dreyfus pointed out in a statement.

“This means Australians cannot take defensive action if their data falls into the wrong hands, and this is not acceptable in an age when lives are lived online,” Dreyfus said.

Mandatory data breach alerts were recommended by the Australian Law Reform Commission in 2009, with the Labor Government introducing legislation into Parliament in 2013.

However, “the Liberal Party is set to squib it on this important cyber-security measure once again,” Dreyfus said.

If passed, the 2013 legislation would have required companies to inform Australians when their personal information had been compromised “as soon as was practicable”.

After voting in favour of the bill in the House of Representatives before the election, the incoming Abbott Government did not proceed with the legislation, the statement said.

In early 2015, Parliament’s bipartisan national security committee recommended that the Government should implement mandatory data breach notification legislation by the end of the year.

“Having missed that deadline, the Government’s plans to put legislation to Parliament in the current session will now be kyboshed by Mr Turnbull’s sneaky political tactic of an early double-dissolution election,” said Dreyfus.

“As Mr Turnbull announces the beefing up of national cyber security defences, he has once again let down Australians on their individual cyber safety. It is ridiculous that the Abbott-Turnbull government has failed to pass what should be an uncontroversial measure after three years of government,” the Shadow Attorney-General concluded.

Yesterday, Prime Minister Malcolm Turnbull also called for better communication over computer security breaches.

Following the launch of the Government’s $240 million Cyber Security Strategy, according to ZDNet, Turnbull said: “It’s very important that we have a more open culture in this area and we have to lead by example.”

Acknowledging Kmart’s voluntary notification of a data breach last year, the PM said:

“If we work together … if we share more, and if the telcos share more too, then as we learn more about the vulnerabilities and the vectors which malicious actors use, then we become more secure and we all learn from each other.”


  1. *Sighs* so the party that claims it’s all about personal privacy and responsibility is continuing to be the biggest invader of our privacy.

    So much for the small “l” liberals.

    • They just don’t want it.

      They know the databases holding our data under the mandatory data retention scheme will be breached and want to avoid the political embarrassment when it does happen.

      The LPA doesn’t give a shit about Australians (see: NBN, Corporate Taxation, Deficit, etc, etc).

  2. “as soon as was practicable” even sounds pretty weak to me. Sorry the only guy in our organisation that knows how to inform customers is on long service leave and will be back in 3 months, is that soon enough?
    Or if you’re a Government organisation then it will probably take even longer with all the red tape around reporting and releasing information. Maybe 6 months later.

  3. Guess why?

    Telstra doesn’t have a great track record. And their data retention fascist policies will get hacked no doubt through escalated malware attacks through anyone who pays to access it.

    You know they are full of shit when they talk about tackling cyber security; the government are cyber criminals themselves.

  4. If they truly gave a shit about cyber security they would offer businesses free Cloudflare-type services to stop the bots for starters.

    Perhaps an exploit testing service.

    But more needs to be done locking down internal networks to malware attacks! Let’s Encrypt is a good start.
